Hy Everbody !
I want to disable in my fortigate 90 the SSH port 22.
It is necessary to create a policy or I need to disable an option ?
Thank you !
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Do you enable ssh to form a WAN interface? if possible please share the screenshot.
Regards,
Nishad
Hi Cosmin.
What exactly are you trying to do? The info provided by Nishad is for blocking port 22 access to the fgt from the interface (usually a WAN port). If you are trying to block people (devices) from accessing port 22 at any addresses on the Internet (e.g. outside your fgt) you need to craft a firewall policy that blocks that port from Internal->WAN1 (e.g. connections going out the WAN port).
BTW I suggest leaving the ssh port value setting at 22 but uncheck SSH on the interface (e.g. WAN1) if you do not want people/devices attempting to access your fgt from outside.
Haven't tested this myself, but I assume the fgt will assume the default value for the SSH port will always be what is defined under system global.
system global set admin-ssh-port <value> end
(edited)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
You just need to untick the ssh from the interface. Or else from system setting, you can change the ssh port from 22 to custom port.
Regards,
Nishad
Thank you for you answer.
I untick the ssh from the interface (network - interface) and I modify the ssh port (system-settings) from 22 to a custom port but is still open when I check on the internet
Other sugestions ?
Do you enable ssh to form a WAN interface? if possible please share the screenshot.
Regards,
Nishad
Hi Cosmin.
What exactly are you trying to do? The info provided by Nishad is for blocking port 22 access to the fgt from the interface (usually a WAN port). If you are trying to block people (devices) from accessing port 22 at any addresses on the Internet (e.g. outside your fgt) you need to craft a firewall policy that blocks that port from Internal->WAN1 (e.g. connections going out the WAN port).
BTW I suggest leaving the ssh port value setting at 22 but uncheck SSH on the interface (e.g. WAN1) if you do not want people/devices attempting to access your fgt from outside.
Haven't tested this myself, but I assume the fgt will assume the default value for the SSH port will always be what is defined under system global.
system global set admin-ssh-port <value> end
(edited)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
You've allowed access from FortiCloud - this might well use port 22. Check with FTNT docs and the KB.
ncfom wrote:What are you checking, port 22 or your custom port? Also what are you trying to block access to? The Fortigate or a device behind it?Thank you for you answer.
I untick the ssh from the interface (network - interface) and I modify the ssh port (system-settings) from 22 to a custom port but is still open when I check on the internet
Other sugestions ?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.